[Bug 1974037] Re: openssl: EVP_EC_gen() segfault without init
Launchpad Bug Tracker
1974037 at bugs.launchpad.net
Mon Jun 20 14:32:33 UTC 2022
This bug was fixed in the package openssl - 3.0.2-0ubuntu1.4
---------------
openssl (3.0.2-0ubuntu1.4) jammy; urgency=medium
* d/p/lp1978093/*: renew some expiring test certificates (LP:
#1978093)
openssl (3.0.2-0ubuntu1.3) jammy; urgency=medium
* d/p/lp1974037/*: cherry-pick another patchset to fix regressions with the
previous lp1974037 one (LP: #1974037)
* d/p/Set-systemwide-default-settings-for-libssl-users: partially apply it on
Ubuntu to make it easier for user to change security level (LP: #1972056)
* d/p/lp1947588.patch: Cherry-picked as our patches make it very easy to
trigger the underlying bug (LP: #1947588)
-- Simon Chopin <schopin at ubuntu.com> Thu, 09 Jun 2022 13:20:55 +0200
** Changed in: openssl (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1974037
Title:
openssl: EVP_EC_gen() segfault without init
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Jammy:
Fix Released
Status in openssl source package in Kinetic:
Fix Released
Status in openssl package in Debian:
Fix Released
Bug description:
[Impact]
The fix for
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997 has
broken some code paths as the new string comparison functions now need
initialization, triggering segfaults.
The provided debdiff fixes the immediate issue and also settles on a
new implementation not requiring the initialization in the first
place.
[Test Plan]
Since this is a regression fix, we first need to check that the
original bug hasn't cropped up again:
sudo locale-gen tr_TR.UTF-8
LANG=C curl https://ubuntu.com/ > /dev/null # This works
LANG=tr_TR.UTF-8 curl https://ubuntu.com/ > /dev/null # This should work as well
For the regression itself:
sudo apt install libssl-dev
cat <<EOF > openssl_test.c
#include <openssl/evp.h>
int main()
{
    EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
}
EOF
gcc openssl_test.c -lcrypto -lssl -o openssl_test
./openssl_test
[Where problems could occur]
This new patch set is relatively massive, on top of another massive one.
Some new regressions could crop up of a similar kind. Furthermore, the
homegrown string comparison function could be buggy, leading to algorithm name mismatches.
[Other info]
The patches all come from upstream and have been merged on their 3.0
maintenance branch.
[Original report]
Source: sscg
Version: 3.0.2-1
Severity: serious
Tags: ftbfs
https://buildd.debian.org/status/logs.php?pkg=sscg&ver=3.0.2-1%2Bb1
...
1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV
04:32:21 MALLOC_PERTURB_=87 /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/generate_rsa_key_test
...
Summary of Failures:
1/10 generate_rsa_key_test FAIL 0.01s killed by signal
11 SIGSEGV
Ok: 9
Expected Fail: 0
Fail: 1
Unexpected Pass: 0
Skipped: 0
Timeout: 0
dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 ninja test returned exit code 1
make: *** [debian/rules:6: binary-arch] Error 25
This has also been reported on the openssl-users mailing list:
https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037/+subscriptions
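
Added example, not part of the bug report and not the code from the upstream patch set: a sketch of the property the [Impact] and [Where problems could occur] sections rely on, namely a name comparison that needs no prior initialization and cannot be changed by the process locale. It assumes ASCII-only case folding; ascii_fold, ascii_name_cmp and same_result_in_turkish_locale are hypothetical names, and the algorithm-name strings are constructed sample input.

```c
#include <locale.h>
#include <stddef.h>
#include <stdio.h>

/* Fold one byte with ASCII rules only: no <ctype.h>, no locale tables,
 * and no state that must be set up before the first call. */
static unsigned char ascii_fold(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + ('a' - 'A')) : c;
}

/* Hypothetical helper: case-insensitive compare for algorithm names.
 * Returns <0, 0 or >0 like strcmp(); NULL sorts before any string. */
int ascii_name_cmp(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return (a != NULL) - (b != NULL);
    for (;; a++, b++) {
        unsigned char ca = ascii_fold((unsigned char)*a);
        unsigned char cb = ascii_fold((unsigned char)*b);
        if (ca != cb)
            return (int)ca - (int)cb;
        if (ca == '\0')
            return 0;
    }
}

/* Compare under the C locale, then again after requesting tr_TR.UTF-8.
 * Returns 1 when both runs agree on equality. If the locale is not
 * installed, setlocale() returns NULL and the check still runs. */
int same_result_in_turkish_locale(const char *a, const char *b)
{
    int before, after;

    setlocale(LC_ALL, "C");
    before = ascii_name_cmp(a, b);
    setlocale(LC_ALL, "tr_TR.UTF-8");
    after = ascii_name_cmp(a, b);
    setlocale(LC_ALL, "C");
    return (before == 0) == (after == 0);
}

int main(void)
{
    /* Constructed sample names containing 'I'/'i'. */
    printf("%d\n", ascii_name_cmp("RIPEMD160", "ripemd160"));
    printf("%d\n", same_result_in_turkish_locale("SIPHASH", "siphash"));
    return 0;
}
```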